from the nice-to-see-some-stunned-officers-for-a-change dept

It usually takes very extreme behavior from law enforcement officers to punch holes in the qualified immunity shield. Fortunately/unfortunately, there seems to be no shortage of extremely-badly-behaving law enforcement officers.

In this case, fielded by the Eighth Circuit Court of Appeals, the Kansas City Police Department was investigating a homicide. Detectives managed to track the victim's cellphone to an apartment. They also managed to track down the suspect by using a combination of phone records and old-fashioned police work. They arrested the suspect and applied for a search warrant for his residence.

The warrant request omitted the fact they had heard the targeted phone ringing in an apartment on Winchester Street, rather than the apprehended suspect's residence (the "Bristol residence"). The SWAT team also met prior to the search and were informed the homicide suspect was already in custody.

The SWAT team proceeded to the Bristol residence with a normal search warrant. Once the SWAT team arrived, it decided to do SWAT team things, even though it only had a normal warrant that didn't authorize the things it chose to do.

At 7:00 p.m., the SWAT team, dressed in tactical gear with weapons drawn, approached the front door of the Bristol residence. The front entrance had both an inside wooden door and an outside metal screen door, each of which were “double-keyed,” meaning they required a key to open from both the inside and the outside. Because the warrant did not authorize a “no knock” entry, the SWAT team knocked on the door and announced: “Police, search warrant!” At the time, there were four people inside the residence: the plaintiff, Z.J., a two year old girl; Laverne Charles, age 84; Leona Smith, age 68; and Carla Brown, age 24. Carla grabbed the keys to the door and opened the inside door.

So far, so good. There was no suspect to apprehend so the SWAT team's presence seems a bit extraneous. But the resident was offering to unlock the door to let them in to search the place. But time waits for no one, not even the Fourth Amendment.

She then held up the keys to the door in her hand and jingled them for the SWAT team to see in order to indicate that she was going to open up the door. Before she had the opportunity to open it, the SWAT team knocked out the screen and threw in a flash-bang grenade over Carla’s head into the living room of the house. Carla testified that she would have opened the screen door had she been given the opportunity to do so.

The officers involved in the raid disputed this account. And by "dispute," I mean "basically agreed that's what happened, but with a bunch of exonerative explanations."

Sgt. Rusley claimed he waited "five to ten seconds" before starting to pry off the screen door. He claimed the resident refused to open the door and walked away. Feeling the element of surprise had been compromised, he tried to regain it by sailing a flash-bang grenade into the residence. Another officer said roughly the same thing, only varying the narrative by claiming the team couldn't immediately discern what the waving of keys by the resident meant, but that the introduction of a flash-bang grenade would clear up any confusion.

This is what followed the flash-bang grenade's "appearance" on the scene:

The flash-bang grenade caught the living room drapes on fire. The SWAT team had to remove the drapes from the house and place them in the front yard before continuing through the rest of the house. The SWAT team found two-year old Z.J. in the living room. One officer acknowledged Z.J. was “very shaken from the whole situation.” The team placed Carla and Leona in zip tie restraints, but was unable to place restraints on Laverne because of her advanced age and physical condition.

Because the person at the door didn't wave the officers in quickly enough, the officers threw a flash-bang grenade into a room containing a two-year-old. Fortunately, it was only the drapes that caught fire.

Why the flash-bang? Well, habit, apparently. The SWAT team always has them, and pretty much always finds a reason to use them.

As the district court noted, the Board did not have any policy about the use of flash-bang grenades — such as when their use is appropriate and how to use them safely. One officer estimated that in executing search warrants, flash-bang grenades were used 80-90% of the time; another officer estimated that in his experience they were used about 50% of the time; and a third officer estimated they were used about 75% of the time.

The SWAT team members asked for the lawsuit to be dismissed, claiming qualified immunity shielded their attempt to set someone's living room on fire during normal warrant service. The court disagrees, finding that flash-bang grenades are rarely justified, especially in situations like these. As the court points out, a flash-bang isn't some sort of supercharged noisemaker: it's a weapon that causes very real damage.

The record evidence shows the flash-bang grenade used here is four times louder than a 12-gauge shotgun blast and emits a light 107 times brighter than the brightest high-beam vehicle headlight. It has a powerful enough concussive effect to break windows and put holes in walls. The flash-bang burns at around 5,000 degrees Fahrenheit, creating an obvious and serious risk of burning individuals, damaging property, and starting fires (as occurred here). In some cases, they can even be lethal. And as this case illustrates well, they pose a risk of traumatizing unsuspecting occupants — particularly small children like two-year old Z.J.

The court says there are cases where flash-bang use may be justified. But this case contained zero of those elements.

Whether the use of the flash-bang grenade here was reasonable is not a close question. The SWAT team knew the suspect, Charles, was already in custody. Any potential justification based on the fact Charles was (at the time) suspected of murder is eliminated by the fact the SWAT team knew they would not encounter Charles there. Nor did they have any indication that other people at the residence would pose any threat. In fact, they had no idea who was inside the house because they failed to do any investigation into that question beyond a quick drive-by to check the address. The use of a flash-bang grenade under these facts was not reasonable. “The use of a [flash-bang] grenade must be justified by the particular risk posed in the execution of the warrant.” Terebesi v. Torreso, 764 F.3d 217, 239 (2d Cir. 2014). Nor was the manner of use reasonable. They threw the flash-bang grenade into the house blindly without knowing whether children, elderly, or other innocent individuals were inside.

In defense of their blind flash-bang toss, the officers claimed there still may have been some danger present in the house. The police may have already had a suspect in custody but the sued officers theorized the homicide could have been part of a larger criminal conspiracy, which could have meant the residence housed even more dangerous criminals. The court has no time for this distended post facto rationalization.

Of course, they had no actual information to support this after-the-fact speculation. More to the point, however, this argument relies on a dangerously flawed premise. The argument that the SWAT team was justified in using a flash-bang grenade because they did not know for certain it was unnecessary is precisely backwards; it makes using that dangerous level of force the default. This type of “flash-bang first, ask questions later” approach runs headlong into the Fourth Amendment. Law enforcement officers like the SWAT team members here need an actual justification for using a flash-bang grenade; the mere hypothetical possibility that someone dangerous could be in a house they are entering — without any actual facts to indicate that is true or likely to be true — is not sufficient.

The court finds unpersuasive the argument that knocking and alerting the residents of the home removed the "element of surprise," forcing the SWAT team's grenade-lobbing hand.

The explanation that the flash-bang was used because the SWAT team believed it was “compromised,” meaning “that occupants of the residence knew [the SWAT team officers] were there and that [the officers] no longer had the element of surprise,” is unpersuasive. The search warrant did not authorize the SWAT team to conduct a “no-knock” warrant, and so they knocked on the front door and announced their presence, which obviously defeated the element of surprise. After all, the purpose of the constitutional knock-and-announce requirement is to allow a citizen the chance to come to the door and allow entrance to an officer who is legally entitled to enter.

The court says this is all clearly-established at this point, so no one involved in the SWAT team's flash-bang use will be able to dodge this lawsuit.

Only the plainly incompetent officer announces his presence at a house with no known dangerous people and then decides to throw in a flash-bang grenade because the occupants know he is there.

Sometimes, vague, unsupported beliefs about the dangerousness of the general public aren't enough to allow officers to dodge culpability for their dangerous decisions. This is one of those (rare) cases.

from the don't-normalize-surveillance dept

Last week, when I wrote about Senator Graham's crazy "But think of the children online!" moral panic hearing, I highlighted comments from a guy named Christopher McKenna, who runs an organization called "Protect Young Eyes," which is one of those organizations that freaks parents out about all the evil things your kids might be up to. Among the many crazy and misleading comments McKenna made was one that was actually accurate, but interpreted incorrectly. McKenna whined that it was impossible to "watch over" kids online all the time. His solution was to force companies (and politicians) to censor the internet with filters and other tools. Or, at the very least, he seemed to think parents needed better tools to spy on their kids' online activities.

As we pointed out, another person on the panel suggested that rather than spying on our kids all the time, it would be better for parents to educate kids how to be good digital citizens, how to avoid danger, and how to better interact with the world around them. He was almost entirely ignored for the rest of the panel.

This divide in parenting techniques is a big deal, however. Thanks to new technologies it is much easier to spy on kids all the time. But we should be wary of that. Wired just had an article about how the app Life360 is ruining kids' summer as parents are tracking everything they do:

That’s because for many adolescents, adult supervision has turned into adult surveillance. Schools are adopting facial recognition technology to monitor campuses. Parents can now remotely check their child’s browsing histories and social media accounts, watch their movements via motion-sensing cameras, and track everywhere they go with location-sharing apps. In a Pew Research Center study last year, 58 percent of US parents said they sometimes or often look at their teenager’s messages, call logs, and the websites they visit. In a separate study from 2016, 16 percent said they used location-sharing apps.

Life360 is one of the many digital monitoring tools now used by millions of parents in the United States. The app functions like an enhanced version of Apple’s “Find My” feature that lets you share your location with friends or family—or what the company calls “your Circle.” In addition to location sharing, Life360 lets family members see how fast people in their circle are driving, how much battery their cell phones have, and more. The service is free to download and use, although you can pay for additional features. According to the San Francisco-based company, Life360 had over 18 million monthly active users at the end of 2018.

This is... horrifying? We're teaching the exact wrong thing to kids. We're not teaching them to think for themselves, or to have their own life skills and street (or digital) smarts. Instead, we've become so overly worried (at a time when there are significantly fewer risks), and so infatuated with our ability to spy on someone's every move, that we've not considered what kinds of lessons we're teaching those kids in the first place. For one, teaching them to expect to be surveilled and watched at all times seems like a really awful idea. Second, it's telling kids that parents don't trust them. And, sure, not all kids should be trusted, but defaulting to that position seems like a terrible idea.

And all of this is happening at a time when people are freaked out about Facebook and Google's "surveillance" of everyday activities -- but what are we teaching our kids when apps like Life360 go way, way further? Indeed, much of the Wired article details how Life360 wraps up its constant surveillance in terms about how it's "helping families."

The term "helicopter parenting" became popular when I was a kid, but this seems to go way, way beyond that (perhaps this is "drone parenting?"). Protecting children is certainly a worthy goal, but what exactly are we protecting them from and at what costs? So much of this surveillance seems designed to prevent the very, very rare and very, very unlikely disaster scenarios. Those are horrifying, but given how unlikely they are, the actual "benefit" of this kind of surveillance is extremely low. However, the costs -- training kids to give up their privacy, denying trust, hindering the ability of children to trust their own instincts and learn on their own -- seem much, much higher.

A mother and her 9-year-old daughter were separated for 36 hours after the child fell into U.S. Customs and Border Protection custody because agents at the border didn't believe she was who she claimed to be, a mother says.

This debacle started the way something like this usually does: with US citizens engaged in activity they engage in every day. In this case, mother Thelma Galaxia's children were being driven from Tijuana to the border crossing in order to attend school in San Ysidro, California. This was the normal state of affairs for her 9-year-old daughter and 14-year-old son.

Traffic was heavy at the crossing so her friend told them to walk across the border to make sure they got to school on time. Both children were questioned by CBP officers. These officers decided 9-year-old Isabel Medina didn't resemble her passport photo. They accused her of actually being her cousin, Melanie.

That wasn't enough for the CBP. It also decided to terrorize her 14-year-old brother, Oscar, by accusing him of being a criminal.

Galaxia said officers made Oscar Medina sign a document that said his little sister was his cousin.

“That is not true,” Galaxia said. “She is my daughter. He was told that he would be taken to jail and they were going to charge him for human trafficking and sex trafficking.”

The intimidated 14-year-old signed the document, thus making the CBP officers technically correct in their assumptions. They now had a paper signed by a human trafficker family member stating that Isabel Medina was actually someone other than the person she actually was.

Galaxia's children might have been detained longer if she hadn't gone to the press. NBC7 reports the Mexican consulate contacted the station while Galaxia was being interviewed by journalists, saying the children were being released to her. Presumably, the station's requests for comment from the involved government agencies got the wheels rolling on her daughter's case. The CBP, meanwhile, has refused to comment on this detention, claiming it's still in the middle of investigating this incident.

It seems like one of the CBP officers might have tried to contact the children's parents to straighten this out. But I guess it's a lot easier to intimidate children into false confessions when there are no other adults around standing up for their rights or contradicting the CBP's assumptions.

from the christ-what-an-asshole dept

Cincinnati police officer Kevin Brown’s decision to fire a Taser at an 11-year-old girl suspected of shoplifting from a grocery store in August immediately drew criticism from city officials and advocates.

But Ohio state Representative John Becker had a different take. Had it been his daughter, he announced in an August newsletter, “I’d be ashamed and embarrassed that she did something stupid enough to get herself tased.”

This is even worse than the police union's take on the incident, which referred to the completely expected backlash as "kneejerk." But, hey, I guess deciding to tase an 11-year-old in the back -- one who reportedly was all of 4'11'' and 90 pounds -- couldn't possibly be portrayed as a kneejerk reaction by a law enforcement officer. When force isn't truly needed, we can be sure some cops will deploy it anyway.

But Rep. John Becker's take is the hottest take of all. Anyone tased by a cop -- even an 11-year-old -- is a person who brought that crackling, barbed punishment down on themselves. There's no reason to question the wisdom or necessity of the Taser deployment. Rather, we should question ourselves. And perhaps society. But mostly ourselves.

Becker also addressed police shootings in his newsletter. If his child were shot by police, he wrote, “rather than blaming the cop, I’d be blaming myself and endlessly soul searching to figure out how I failed as a parent and why my kid grew up to be a punk.” He added, “Based on the evidence of what I see on television, it often times appears to me that justice was delivered to the dead punk.”

"Based on the evidence of what I see on television…" Holy shit. This is an elected representative. And he thinks the TV is giving him the "evidence" he needs to make snap judgments on tased kids. Blame the victim. And blame the victim's parents.

The police chief -- in a surprisingly reasonable statement -- said the Taser deployment was "unnecessary."

Back to Becker:

Becker also told The Appeal that if police tase a child, “it could be an indication of a parenting problem.” He added, “If I were to do research, I would expect to find that kids that come from two parent in-tact [sic] supportive families are less likely to get in trouble with the authorities than kids that came from tougher environments.”

"If I were to do the research…" Would this be research beyond the television watching that's given Becker such keen insight into officer-involved shootings? Who knows? Becker's certainly not going to do the research. He's just going to stick by his electro-guns and blame victims of cop violence for being raised badly or otherwise being harmed by the disintegration of the nuclear family unit -- the 2.5 children born to married heterosexuals who have managed to weather an escalating divorce rate, porn, video games, movies, television, the internet, social media, Satanism, multiple pagan-based holidays, postal rate hikes, alternate sexual orientations, public school indoctrination, Daylight Savings Time, mandatory vaccinations, HAARP projects (known and unknown), President Obama, Brown v. Board of Education, morning-after pills, weird Twitter, the removal of prayer from schools, the Simpsons, artistic expression in general, and whatever else has reduced the American way of life to a hideous nightmare where punk kids manage to live their whole lives without being deservedly tased by blameless, saintly police officers.

Becker is an idiot, but let's pretend the research he didn't do actually says what he thinks it will say. Even if a majority of kids tased/killed by cops are raised by single and/or inattentive parents, that doesn't justify force deployments that far exceed the danger presented by the developing situation. This 11-year-old was tased in the back by an officer who was taller, weighed more, and had the ability to summon any number of additional officers if it appeared this preteen was going to, I don't know, grow a foot, add 100 pounds of weight, and produce an arsenal of weapons before the officer got the mild shoplifting situation under control.

If you agree with John Becker, you're probably John Becker. Or a cop who hates using force reasonably or responsibly. But you're definitely not the sort of person who can be trusted with government power.

The student irrevocably grants an assignment transferring to the Alliance for Young Artists & Writers, Inc. (“Alliance”) all right, title, and interest (including all copyrights) in and to the submitted work (“Work”), such that the Work, and all rights relating to the Work, shall be the exclusive property of the Alliance, subject to (a) the student’s non-exclusive license, hereby granted, (i) to maintain and make limited display and distribution of a copy of the Work as part of the student’s portfolio solely for purposes of identification and reference to the student’s body of works, and (ii) to submit a copy of the Work for consideration for other scholarships, awards, and recognitions, and (b) such other licenses and authorizations as the Alliance may, in the exercise of its sole discretion, grant to the student upon the student’s written request.

To submit an entry is to capitulate to Scholastic and cede ownership of your creative work. Scholastic points out it's only for two years, as though that excuses this unneeded clause in the participation terms. There's no reason Scholastic needs an exclusive license to the creation of others to present artists' works to others. Setting it up this way controls how the creator gets to use their own work, allowing Scholastic to benefit exclusively from the works of others.

Yes, the contract (so to speak…) sunsets after two years, but even then there are stipulations. Scholastic is still allowed perpetual, royalty-free use of students' submissions. And this rollback of grabbed rights only comes into play if Scholastic can locate participants after the two-year exclusive license expires.

Alliance will return the Work upon the expiration of the two (2) year period commencing with the date of the national award notification. The Alliance will attempt to notify the student using the contact information provided on the Submission Form, (or, if applicable, such contact information as the Alliance shall have later received), prior to returning and shipping the Work to the home address provided. Students are obligated to notify the Alliance if their address or other contact information changes and will be solely responsible for any non-delivery or loss of, or damage to, the Work that may result from my failure to do so. If Work is returned to the Alliance for reasons including, but not limited to, refusal of delivery or failure to provide forwarding instructions, the student understands and agrees that the Alliance hold my work up to three (3) years from the date of the national award notification. If the Work is not retrieved by the student or on the student’s behalf once the three (3) year period has lapsed, the student understands and agrees that exclusive ownership of the physical Work will transfer to and fully vest in the Alliance automatically and immediately upon the expiration of this period, and that the Alliance, as the owner of the Work will have the right to continue to store, destroy, use or display the physical Work as it may choose in the exercise of its sole discretion. In such event, the student shall, and hereby does, assign to the Alliance and its successors all right, title and interest in and to the physical Work.

Miss the three-year cutoff (possibly through no fault of your own) and the work becomes the sole, indisputable property of Scholastic. Even if the artwork is retrieved in a timely fashion, it still won't belong solely to the creator but will forever be partially "licensed" to Scholastic for life+70.

The involvement of minors raises further questions about this boilerplate. Minors can't form contracts so it's likely Scholastic gets around this by sending participation sheets to educators and parents to obtain signatures, but likely without informing those signing on behalf of students of Scholastic's IP intentions.

Scholastic responded by saying it's been super-clear about the terms and conditions. But those reading Scholastic's tweet will notice the FAQ was published the same day as its cheerily-defensive tweet to Matthews, which means it has only recently been upfront about its two-year copyright claim.

Scholastic's participation terms aren't unusual. But that doesn't make them right. There's nothing about this sort of contest that demands full control of submitted works. A limited non-exclusive license would allow Scholastic to display creations and use them in promotional material without fear of a participant lawsuit. Or, for that matter, a Creative Commons license could be applied with the terms set by participants rather than Scholastic. But Scholastic obviously feels it's the creators who should give up their rights. The whole thing is ridiculous -- especially since it's standard operating procedure for entities seeking submissions from creators. It only serves to show creators copyright is a handy tool for bigger, more powerful entities but of little use to the creators themselves.

P.S. Matthews drew a little something to keep the pressure on Scholastic to change its submission terms:

from the won't-somebody-think-of-the-children-even-more? dept

In an open letter to Apple, two of its major shareholders, Jana Partners and the California State Teachers' Retirement System, have raised concerns about research that suggests young people are becoming "addicted" to high-tech devices like the iPhone and iPad, and the software that runs on them. It asks the company to take a number of measures to tackle the problem, such as carrying out more research in the area, and providing more tools and education for parents to help them deal with the issue. The letter quotes studies by Professor Jean M. Twenge, a psychologist at San Diego State University, who is also working with the shareholders in an effort to persuade Apple to do more:

Professor Twenge's research shows that U.S. teenagers who spend 3 hours a day or more on electronic devices are 35% more likely, and those who spend 5 hours or more are 71% more likely, to have a risk factor for suicide than those who spend less than 1 hour.

Other quoted research found:

The average American teenager who uses a smart phone receives her first phone at age 10 and spends over 4.5 hours a day on it (excluding texting and talking). 78% of teens check their phones at least hourly and 50% report feeling "addicted" to their phones.

According to the letter, at least part of the solution needs to come from Apple:

we note that Apple's current limited set of parental controls in fact dictate a more binary, all or nothing approach, with parental options limited largely to shutting down or allowing full access to various tools and functions. While there are apps that offer more options, there are a dizzying array of them (which often leads people to make no choice at all), it is not clear what research has gone into developing them, few if any offer the full array of options that the research would suggest, and they are clearly no substitute for Apple putting these choices front and center for parents.

The Apple shareholders behind the letter admit that it is not entirely altruistic:

we believe that addressing this issue now will enhance long-term value for all shareholders, by creating more choices and options for your customers today and helping to protect the next generation of leaders, innovators, and customers tomorrow.

Building on this, they also shrewdly point out that Apple has little to fear from moves to give parents more control over their children's use of Apple products:

Doing so poses no threat to Apple, given that this is a software (not hardware) issue and that, unlike many other technology companies, Apple's business model is not predicated on excessive use of your products. In fact, we believe addressing this issue now by offering parents more tools and choices could enhance Apple's business and increase demand for its products.

we are constantly looking for ways to make our experiences better. We have new features and enhancements planned for the future, to add functionality and make these tools even more robust.

Unless that functionality goes well beyond the perfunctory, it is unlikely to satisfy the shareholder groups, who presumably want the "full array of options" they mention. The danger for Apple is that a limited response might lead to it being swept up in the growing backlash against Silicon Valley and its products, evident in a number of recent articles. One thing Apple could do is to make it easier for third parties to write apps that address the problem in a thoroughgoing way -- something its tightly-controlled ecosystem may make harder than for Android.

A broader issue is how serious the problem of gadget "addiction" in children really is -- and how it should be tackled. Clearly, the parents play a key role here, but what about the hardware and software companies who profit from it? To what extent should they provide fine-grained parental controls -- should social media, for example, offer parents the capability to limit the number and timing of daily posts made by their children, and would that even help?

from the family-first dept

Copyright trolls are a plague spreading across the world, one which has received far too little social medicine for the taste of many. This virulent form of rent-seeking tends to put out some of the more despicable strategies, from flat-out falsely accusing people of piracy, to lying to international students about the punishment for copyright infringement, to threatening those that expose their actions.

In 2011, a family received a letter from Universal Music, demanding cash alongside claims that Rihanna’s album ‘Loud’ had been illegally shared via their Internet connection. The parents, to whom the letter was addressed, indicated that they had no interest whatsoever in the R&B star. However, one of their three children apparently did, and the parents knew which one had committed the infringement. Perhaps understandably, however, the parents didn’t want to throw their child to the lions. It’s a position that’s supported by a local law which protects family members from having to testify against each other.

The case ended up at the Munich Court of First Instance and the parents were held liable for copyright infringement and ordered to pay almost 3,900 euros. From there the case progressed to the Federal Court of Justice (Bundesgerichtshof – BGH), which handed down its ruling Thursday. In a big win for Universal, the BGH upheld the decision of the lower court, holding the parents liable for copyright infringement.

In other words, in the name of copyright trolls that have naught but an IP address to go on, parents in Germany may now face a flavor of Sophie's Choice: give up their children to the copyright troll or pay all fines themselves. Given that we're talking about children here, that likely amounts to the same result, as parents will be the ones footing the bill. Still, there is something sadistic about trying to coerce parents into naming their own children before the court. Keep in mind that this is mere copyright infringement we're talking about, not the typical crimes for which parents have long been expected to be responsible when their children violate the law. And keep in mind as well how often these copyright trolls are wrong, have faulty or incomplete evidence, and so on.

Levying responsibility for the failure to out one's own family member is almost comically pernicious. That the court saw fit to route around local laws protecting families from this sort of thing in the name of copyright trolls seems doubly so.

from the internet-of-not-so-smart-things dept

So we've noted time and time again how so-called "smart" toys aren't immune to the security and privacy problems plaguing the internet of broken things. Whether we're talking about the Vtech hack (which exposed kids' selfies, chat logs, and voice recordings) or the lawsuits against Genesis Toys (whose products suffer from vulnerabilities to man-in-the-middle attacks), the story remains the same: these companies were so excited to connect everything and anything to the internet, but few could be bothered to spend more than a fleeting moment thinking about product security and consumer privacy.

Troy Hunt, creator of the very useful Have I Been Pwned? website, this week highlighted one of the biggest privacy breaches yet when it comes to the connected toy market. Spiral Toys makes the CloudPets line of stuffed animals, which adorably record and play back voice messages that can be sent over the Internet by parents and children alike. Less adorable is the fact that this collected data is stored by a Romanian company called mReady, which apparently left this data in a publicly available database neither protected by a password nor placed behind a firewall.

As such, that data was publicly accessible to anybody who came across it via the Shodan search engine. And while it's hard to nail down a precise number, Hunt estimates that somewhere around 2 million voice recordings of children and parents were just left exposed to the open air, as well as the e-mail addresses and passwords for more than 800,000 Spiral Toys CloudPets accounts.

On a positive note, the company did appear to store CloudPets passwords as bcrypt hashes, one of the more secure methods available. But that appears to have been compromised by the fact that the company (as outlined in this instructional video for customers) has absolutely no restrictions when it comes to minimum password strength:

"However, counteracting that is the fact that CloudPets has absolutely no password strength rules. When I say "no rules", I mean you can literally have a password of "a". That's right, just a single character. The password used here in the demonstration is literally just "qwe"; 3 characters and a keyboard sequence. What this meant is that when I passed the bcrypt hashes into hashcat and checked them against some of the world's most common passwords ("qwerty", "password", "123456", etc.) along with the passwords "qwe" and "cloudpets", I cracked a large number in a very short time."
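The gap described above is closed at signup time, before a password is ever hashed. The following is an added example, not code from Hunt's post or from Spiral Toys: a screening function that rejects the passwords named in the quote. The function names, the 8-character minimum, and the small blocklist are assumptions made for illustration.

```python
import re

# Constructed blocklist: the passwords named in the quote plus two other
# common ones. A real deployment would load a far larger breached-password list.
COMMON_PASSWORDS = {"qwerty", "password", "123456", "qwe", "letmein", "111111"}
# Words tied to the service itself (assumption: the product name).
CONTEXT_WORDS = {"cloudpets"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_LENGTH = 8  # assumed policy value


def is_keyboard_run(pw):
    """True if the whole password is one run along a keyboard row, either direction."""
    low = pw.lower()
    if len(low) < 3:
        return False
    return any(low in row or low in row[::-1] for row in KEYBOARD_ROWS)


def screen_password(pw, email=""):
    """Return the reasons to reject pw; an empty list means it passes screening."""
    reasons = []
    low = pw.lower()
    if len(pw) < MIN_LENGTH:
        reasons.append("too_short")
    if low in COMMON_PASSWORDS:
        reasons.append("common")
    # Strip trailing digits and punctuation so "CloudPets2017!" is still caught.
    core = re.sub(r"[\W\d_]+$", "", low)
    local = email.split("@")[0].lower()
    if core in CONTEXT_WORDS or (local and core == local):
        reasons.append("context")
    if is_keyboard_run(low):
        reasons.append("keyboard_run")
    return reasons


if __name__ == "__main__":
    for candidate in ["a", "qwe", "cloudpets", "correct horse battery staple"]:
        print(repr(candidate), screen_password(candidate))
```

Only passwords that return an empty list would go on to be hashed with bcrypt; the slow hash then protects choices that are not already on an attacker's short list.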

As we've seen with so many IoT companies, many simply don't respond when contacted and warned about vulnerabilities. And when they are warned, lawsuit threats are often more common than cogent responses. In this case, Hunt notes that Spiral Toys was contacted three times about the data being publicly exposed and its weak password rules, and it chose to ignore each one of them:

"3 attempts to warn the organisation of a serious security vulnerability and not a single response. I've said many times before in many blog posts, public talks and workshops that one of the greatest difficulties I have in dealing with data breaches is getting a response from the organisation involved. Time and time again, there are extensive delays or no response at all from the very people that should be the most interested in incidents like this. If you run any sort of online service whatsoever, think about what's involved in ensuring someone can report this sort of thing to you because this whole story could have had a very different outcome otherwise."

In other words, here's yet another company that not only thinks security and privacy are an afterthought, but can't actually be bothered to respond when informed that the data of millions of users was just sitting unsecured in public view. These companies don't appear to realize it, but their incompetence acts as a living, breathing advertisement for why dumb toys and devices remain the smarter option.

from the changing-perceptions-of-reality dept

As Techdirt readers know only too well, doing things "for the children" is a perfect excuse to pass all kinds of ridiculous laws that would otherwise be thrown out without a thought. For example, back in 2013, we wrote about attempts to pass legislation in Russia that would ban swearing on the Internet. It was framed as an amendment to an existing law called "On the Protection of Children" that introduced a blacklist designed to block access to information on drugs, suicide and child pornography. Now the head of Roskomnadzor, the body that oversees website-blocking in Russia, has a bold proposal for protecting children from all the Internet's possible harms. It takes the "for the children" logic to its logical conclusion, as TorrentFreak explains:

In a Q&A session with AIF.ru, Alexander Zharov spoke on a number of issues, including online safety, especially for children. Naturally, kids need to be protected but the Roskomnadzor chief has some quite radical ideas when it comes to them using the Internet.

"I believe that a child under 10-years-old should not go online. To use [the Internet] actively they need to start even later than that," Zharov said.

He went on to say:

"Some parents are proud of the fact that their three-year-old kid can deftly control a tablet and use it to watch cartoons. It is nothing good, in my opinion. A small child will begin to consider the virtual world part of the real world, and it changes their perception of reality."

This is presumably just Zharov's personal opinion, not a foreshadowing of official policy -- it's hard to believe the view that children under 10 years old should stay off the Net would ever be enshrined in a law. Then again, given some of the things that Russian officials have been suggesting, such as disconnecting Russia from the global Internet, you never know. And once people start invoking "for the children," common sense tends to go straight out of the window.

from the family-court dept

When we talk about young people filing lawsuits over "oversharing" of information and/or media on social media sites, schools are typically the targets of the suits. Inevitably, whether school personnel originally sought access to a student's social media accounts for good intentions or simply to be a slut-shaming dick, the contents within the accounts are then weaponized for humiliation purposes.

But a recent lawsuit filed by an eighteen-year-old woman in Austria must have parents the world over wincing. At issue wasn't some random person or school official attempting to shame the girl. It was just her parents sharing photos of a family member, and now they face a lawsuit.

An 18-year-old woman from Carinthia is suing her parents for posting photos of her on Facebook without her consent. She claims that since 2009 they have made her life a misery by constantly posting hundreds of photos of her, including embarrassing and intimate images from her childhood.

Legal expert Michael Rami was quoted by Austrian media as saying he believes she has a good chance of winning in court. The shared images include baby pictures of her having her nappy changed and later potty training pictures.

As a relatively new parent myself, I can assure you I'm paying attention. I haven't shared anything so intimate as potty-training photos of my two boys on social media, mind you, but who is to say what pictures my grown-up son might eventually come to feel are embarrassing? In the age of social media, I would think it's only pictures of our children that out-mass pictures of our food among those we share with our followers and friends. Well-meaning as we all might be, what happens if courts ill-prepared to tackle these kinds of disputes suddenly render this family sharing tortious?

To be fair to the young lady in question, it appears that her parents turned something of a deaf ear to her non-litigious complaints.

Despite her requests, they have refused to delete the photos - prompting her to sue them. "I'm tired of not being taken seriously by my parents", she said. Her father believes that since he took the photos he has the right to publish the images.

Because of our writing topics here at Techdirt, I'm basically thinking about intellectual property roughly all the time, but even I am having trouble imagining myself asserting this kind of defense as a father. I can imagine how frustrated the young lady must be at the callous attitude her parents have taken. But does it amount to something worthy of a lawsuit?

Well, Austrian law isn't as strict on matters of privacy and social media as other nations. As the article notes, the French government has gone so far as to warn parents against sharing photos of their children for fear of the social repercussions for them later in life. There's way too much hand-wringing in that kind of stance for my taste, but I can also see their point. I would hope, however, that the question comes down to delineating what qualifies as embarrassing content and what doesn't, rather than relying on any individual's interpretation. Otherwise, the courts could be a mess for a long time coming.